
Cyberattacks on Critical Infrastructure: A Growing Threat to Global Security

 

During World War II, the U.S. Army Air Forces launched two attacks on ball bearing factories in Schweinfurt, aiming to disrupt Germany’s ability to produce machinery for war. The belief was that halting production would significantly affect Germany’s capacity to manufacture various war machines.

This approach has a modern parallel in the cybersecurity world. A cyberattack on a single industry can ripple across multiple sectors. For instance, the Colonial Pipeline attack affected American Airlines operations at Charlotte Douglas Airport. Similarly, the Russian NotPetya attack against Ukraine spilled onto the internet, impacting supply chains globally.

At the 2023 S4 Conference, Josh Corman discussed the potential for cascading failures due to cyberattacks. The creation of the Cybersecurity and Infrastructure Security Agency’s National Critical Functions was driven by the need to coordinate cybersecurity efforts across various critical sectors. Corman highlighted how the healthcare sector depends on several infrastructure sectors, such as water, energy, and transportation, to provide patient care.

The question arises: what if a cyber incident affected multiple segments of the economy at once? The consequences could be devastating.

What makes this more concerning is that it's not a new issue. The SQL Slammer virus, which appeared over two decades ago, compromised an estimated one in every 1,000 computers globally. Unlike the recent CrowdStrike bug, Slammer was an intentional exploit that remained unpatched for over six months. Despite differences between the events, both show that software vulnerabilities can be exploited, regardless of intent.

Digital technology now underpins everything from cars to medical devices. However, as technology becomes more integrated into daily life, it brings new risks. Research from Claroty’s Team82 reveals that insecure code and misconfigurations exist in software that controls physical systems, posing potential threats to national security, public safety, and economic stability.

Although the CrowdStrike incident was disruptive, businesses and governments must reflect on the event to prevent larger, more severe cyber incidents in the future.

Cyber-Physical Systems: A Shifting Threat Landscape

Nearly every facility, from water treatment plants to hospitals, relies on digital systems known as cyber-physical systems (CPS) to function. These systems manage critical tasks, but they also introduce vulnerabilities. Today, billions of tiny computers are embedded in systems across all industries, offering great benefits but also exposing the soft underbelly of society to cyber threats.

The Stuxnet malware attack in 2014, which disrupted Iran's nuclear program, was the first major cyber assault on CPS. Since then, there have been several incidents, including the 2016 Russian Industroyer malware attack that disrupted part of Ukraine’s power grid, and the 2020 Iranian attempt to attack Israeli water utilities. Most recently, Chinese hackers have targeted U.S. critical infrastructure.

These incidents highlight how cybercriminals and nation states exploit vulnerabilities in critical infrastructure to understand weaknesses and the potential impact on security. China, for example, has expanded its objectives from espionage to compromising U.S. infrastructure to weaken its defense capabilities in case of a conflict.

The CrowdStrike Bug and Broader Implications

The CrowdStrike bug wasn’t a malicious attack but rather a mistake tied to a gap in quality assurance. Still, the incident serves as a reminder that our dependence on digital systems has grown significantly. Failures in cyber-physical systems—whether in oil pipelines, manufacturing plants, or hospitals—can have dangerous physical consequences.

Although attacks on CPS are relatively rare, many of these systems still rely on outdated technology, including Windows operating systems, which account for over 25% of vulnerabilities in the CISA Known Exploited Vulnerabilities Catalog. Coupled with long periods of technological obsolescence, these vulnerabilities pose significant risks.

What would happen if a nation-state deliberately targeted CPS in critical infrastructure? The potential consequences could be far worse than the CrowdStrike bug.

Addressing the vulnerabilities in CPS will take time, but there are several steps that can be taken immediately:

  • Operationalize compensating controls: Organizations must inventory assets and implement network segmentation and secure access to protect vulnerable systems.
  • Expand secure-by-design principles: CISA has emphasized the need to focus on secure-by-design in CPS, particularly for medical devices and automation systems.
  • Adopt secure-by-demand programs: Organizations should ask the right questions of software vendors during procurement to ensure higher security standards.

Although CPS drive innovation, they also introduce new risks. A failure in one link of the global supply chain could cascade across industries, disrupting critical services. The CrowdStrike bug wasn’t a malicious attack, but it underscores the fragility of modern infrastructure and the need for vigilance to prevent future incidents.

Time to bring order to Cyber Chaos

 

In today's digital era, businesses are embracing rapid changes to enhance efficiency, but with them comes a surge in cybersecurity challenges. Last year saw a staggering 29,000 new IT vulnerabilities reported globally, emphasising the need for a strategic approach.
 
The Challenge: Businesses face overwhelming data and fragmentation issues, operating across intricate networks that make it challenging to identify vulnerabilities. With interconnected systems, a vulnerability in one device can lead to widespread disruption, creating a need for effective risk management. 
 
Information Overload: 
 
The National Vulnerability Database reported over 25,000 vulnerabilities in 2022 alone, causing information overload for organisations. It's unrealistic for firms to patch everything; they can only address 5-20% of identified vulnerabilities per month. Prioritisation becomes crucial, focusing on the most critical vulnerabilities in real-time. 
 
The Need for Change: 
 
Traditional risk prioritisation methods need to be revised in complex network ecosystems. Shadow IT, data obsolescence and outdated asset inventories worsen the confusion. A new approach is essential to adapt to the evolving cyber landscape. 
 
Solution: Risk-Based Vulnerability Management (RBVM) 
 
RBVM shifts from the traditional tick-box approach to a nuanced method. It evaluates vulnerabilities based on severity and the organisation's unique context, industry, and operations. RBVM provides a holistic network view, integrating with existing security tools and utilising threat intelligence for dynamic prioritisation. 
 
Effective RBVM is not just about tools; it relies on people managing vulnerabilities. Establishing responsibilities, fostering accountability, and ensuring coherent team efforts are vital. People, processes, and tools together transform vulnerability chaos into manageable order. 

Businesses must align vulnerability management with compliance and regulatory requirements. The Common Vulnerability Scoring System (CVSS) 4.0 emphasises a granular framework, but relying solely on CVSS scores may lead to misguided priorities. Smaller organisations balance reactive and preventive measures, while larger enterprises delve into asset management and threat intelligence. 
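The following sketch is an added example, not part of the original post or of any RBVM product. It ranks the same findings once by CVSS alone and once with asset context and threat intelligence, under a patch capacity at the top of the 5-20% range quoted above. The weighting in `risk_score`, the asset names and the `VULN-*` identifiers are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str      # constructed placeholder, not a real CVE id
    asset: str        # constructed asset name
    cvss: float       # base severity, 0.0-10.0
    criticality: int  # business importance of the asset, 1 (low) to 5 (high)
    exploited: bool   # threat intel reports exploitation in the wild
    exposed: bool     # reachable from an untrusted network

def risk_score(f: Finding) -> float:
    """Illustrative weighting (an assumption): severity scaled by context."""
    score = f.cvss * (f.criticality / 5)
    if f.exploited:
        score *= 2.0
    if f.exposed:
        score *= 1.5
    return round(score, 2)

def plan(findings, capacity_fraction, key):
    """Return the ids that fit this cycle's patch capacity, ranked by `key`."""
    budget = max(1, int(len(findings) * capacity_fraction))
    ranked = sorted(findings, key=key, reverse=True)
    return [f.vuln_id for f in ranked[:budget]]

# Constructed sample inventory.
FINDINGS = [
    Finding("VULN-A", "test-lab-printer", 9.8, 1, False, False),
    Finding("VULN-B", "hr-intranet-wiki", 9.1, 2, False, False),
    Finding("VULN-C", "vpn-gateway", 7.5, 5, True, True),
    Finding("VULN-D", "billing-db", 6.5, 5, True, False),
    Finding("VULN-E", "dev-laptop", 8.8, 2, False, True),
    Finding("VULN-F", "lobby-kiosk", 5.3, 3, False, False),
    Finding("VULN-G", "mail-relay", 7.2, 4, False, True),
    Finding("VULN-H", "print-server", 4.3, 2, False, False),
    Finding("VULN-I", "build-server", 8.1, 3, False, False),
    Finding("VULN-J", "guest-wifi-ap", 6.1, 1, False, True),
]

def cvss_only_plan(capacity=0.20):
    return plan(FINDINGS, capacity, key=lambda f: f.cvss)

def rbvm_plan(capacity=0.20):
    return plan(FINDINGS, capacity, key=risk_score)

if __name__ == "__main__":
    print("CVSS only:", cvss_only_plan())
    print("RBVM     :", rbvm_plan())
```

With capacity for two fixes, the CVSS-only plan spends both on low-value internal assets, while the context-aware plan picks the two findings that are being exploited on critical systems.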
 
Successful RBVM adoption requires efforts across the business. Aligning C-level strategy, streamlining IT processes, and fostering a culture of knowledge sharing create resilience in the face of cyber threats. 
 
It appears that navigating the complex cyber world demands a simplified yet comprehensive approach. By embracing RBVM, businesses can effectively manage vulnerabilities, protect against cyber threats, and build a strong defence system for the future.

Web3: Cybercrime May Come to an End, Here’s How

 

Cybercrime has surged in the U.S. Annually, it causes damage in the trillion-dollar range. One of the top cyber threats has been digital identity theft, in which threat actors leverage the stolen personal information of victims with the intent of causing financial havoc.
The issue of cybercrime has persisted over the years and is certainly not going away anytime soon. In regard to the issue, the CEO of Sony said, “the solution to cybercrime isn’t two-factor identification or your mother’s maiden name. The solution to cybercrime lies in the transition to Web3.”

What is Web3?  


Web3, also known as Web 3.0, is the successor iteration of the internet after Web 2.0. Web 2.0 is a centralized internet model in which most of the data, content, and other services are controlled by a few internet giants, also referred to as ‘Big Tech.’

Web3, on the other hand, can be described as a decentralised version of the internet, allowing users to communicate with one another in a secure, peer-to-peer environment.

How are users vulnerable in Web2?

Since a “digital identity” in Web2 includes more than just a username and a profile picture, a user is supposed to enter a verifiable email address in order to create an identity.  

There is no limit to how many email addresses one user can create. Most users have multiple email addresses serving different purposes, such as personal usage, work communication, spam filtering, etc.

Beyond two-factor identification, there is no method to confirm that the person logging in is who they claim to be, which means anyone with the credentials can get into any of these email accounts.

Adding to the misery, once a company gets hold of a user’s personal data, the user has practically no control over it. Personal information is then sold for the sake of targeted adverts. The data access and secondary sale increase the opportunities for a threat actor to exploit it.


How is Web3 solving the problem?  


Login security: Centralized authorities would not control the user in the future. It will be as simple as utilising a biometric unlock with the use of DIDs and Blockchain-backed verification.  

Bots are always searching the internet for stray credentials that they may use to access bank accounts, emails, and other accounts. This will be stopped in its tracks by consolidated digital identities that are accessed by biometric logins.  

Control and Monetization of User Data


With the consolidated digital identity, users can utilize their data as they see fit, since they have overall control over who sees the data and who has to pay for it. For instance, one could build a decentralised ad network on Web3 and allow users to either opt in or out of the system.

Web3’s growing popularity has led to it being considered the ‘next big revolution’ in digital tech, for its take on making lives easier for the unbanked and others involved in it. However, it still needs much improvement with regard to loopholes and potential vulnerabilities that could cause a great many problems in the future.

A Series Of Cyber Essentials Toolkits Released To Address Cyber-Security Risks


The Cybersecurity and Infrastructure Security Agency (CISA) has released the first in a series of six Cyber Essentials Toolkits, following its November 2019 release of Cyber Essentials, a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks.

CISA's toolkits will give greater detail, insight, and resources on each of the Cyber Essentials' six "Essential Elements" of a Culture of Cyber Readiness.

The launch of the introductory "Essential Element: Yourself, The Leader" will be followed every month by another toolkit corresponding to each of the six "Essential Elements." Toolkit 1 focuses on the role of leadership in fashioning a culture of cyber readiness in their organization, with an emphasis on methodology and investment.

CISA Director Christopher Krebs says, “We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit. We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.”

Cyber Essentials, created in collaboration with small businesses and state and local governments, aims to equip smaller organizations that have generally not been part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.

The CISA guide incorporates two sections: the core values for leaders to build up a culture of security, and specific actions for them and their IT staff to put that culture into action. Each of the six Cyber Essentials includes a list of actionable items anyone can take to lower cyber risks.

These are:

  • Drive cybersecurity strategy, investment, and culture;
  • Develop a heightened level of security awareness and vigilance;
  • Protect critical assets and applications;
  • Ensure only those who belong on your digital workplace have access;
  • Make backups and avoid loss of info critical to operations;
  • Limit damage and restore normal operations quickly.

Vulnerability in allows hackers to steal private pictures from digital cameras




Modern cameras that connect to a PC via USB or WiFi are said to be vulnerable to ransomware and malware attacks. The International Imaging Industry Association devised a standardised protocol, the Picture Transfer Protocol (PTP), to move digital pictures from camera to PC.

A research report from Check Point Research attributes the danger to the Picture Transfer Protocol (PTP) used to transfer digital pictures from camera to PC.

For their research, Check Point used Canon's EOS 80D DSLR camera, which supports both USB and WiFi, and found basic vulnerabilities in the PTP. Given that the protocol is standardized and embedded in other camera brands, it is reasonable to expect that comparable vulnerabilities can be found in cameras from other vendors too.

The transfer protocol was at first focused on picture transfer, but it evolved further to incorporate many commands that support anything from taking a live picture to updating the camera's firmware.

Eyal Itkin, Security Researcher, Check Point Software Technologies says that, “Any ‘smart’ device, including the DSLR camera, is susceptible to attacks; cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. The photos could end up being held hostage until the user pays the ransom for them to be released.”

Here are some important measures the camera owners can take in order to avoid being infected:

  • Ensure your camera is utilizing the most recent firmware version, and install a patch if available.
  • Turn off the camera's WiFi when not being used.
  • When using Wi-Fi, try using the camera as the Wi-Fi access point (that is, configure the camera to act as a Wi-Fi hotspot), instead of connecting your camera to an open Wi-Fi network.


The Rise of Fingerprinting and Monitoring Of Our Digital Activities




The concept of digital privacy has evolved so much over time that, regardless of whether we secure our data to avoid being tracked on the web, the ad tech industry finds one way or another to monitor our digital activities.

Described by security researchers as a next-generation tracking technology, fingerprinting has reached new heights.

It involves looking at the many characteristics of the user's mobile device or computer, such as the screen resolution, operating system and model. By triangulating this data, it pinpoints and follows the user as they browse the web and use other apps.

Because the technique happens invisibly in the background of applications and websites, it is very hard to block when it is not wanted.

Over the last couple of years, tech companies like Apple and Mozilla 'introduced aggressive privacy protections' in their internet browsers to make it harder for advertisers to follow users around the web and serve targeted ads.

But since a large number of those technologies ended up getting blocked by default, advertisers needed to come up with an alternative method to track more users.

That is where fingerprinting comes into play, as it gathers seemingly harmless attributes that are commonly shared by default to make applications and sites work properly, which happens when the user gives an application consent to access their location data, camera and microphone. Many browsers likewise require permission before a website can access those sensors.

While some say that the fingerprinting method can be dependable and reliable, others say that it is abusive because, in contrast to cookies, which users can see and delete, one generally can't tell it is going on and can't opt out of it.

Nonetheless, the solutions for preventing fingerprinting are relatively new, and some are still being developed. It is difficult to tell how effective they are, since fingerprinting happens invisibly. Here are a few solutions for blocking browser fingerprinting:

  1. Apple users can make use of the protections built into the Safari browser for computers and mobile devices.
  2. Android users and Windows users can try the Firefox web browser.
  3. Users of other desktop browsers can install an add-on.

For mobile users, Privacy Pro and Disconnect Premium can examine app activity on the device to recognize and block trackers, including fingerprinters.

Fingerprinting is a complex subject, since the tracking method applies to both the web and mobile applications. Users are therefore advised to become familiar with it and stay at least one step ahead in protecting their own privacy.